Migrating from Previous Versions of HP-UX IPSec

Pre-Installation Migration Instructions

Before installing HP-UX IPSec version A.02.00, verify that your installation meets the following conditions:

MD5 version compatibility: If you are using MD5 transforms, all HP-UX IPSec systems must be version A.01.04 or higher. For more information, refer to “MD5 Version Compatibility” on page 289.

Migrating from HP-UX IPSec versions prior to A.01.03 (such as A.01.01 or A.01.02): You must follow the procedure listed in “Migrating from Versions Prior to A.01.03” on page 289.

MD5 Version Compatibility

HP-UX IPSec versions A.01.04 and higher fix a defect in the HP-UX IPSec MD5 algorithm. If you are using an earlier version of HP-UX IPSec (A.01.03 or earlier) to communicate with IPSec version A.01.04, A.01.05, A.01.06, or A.01.07 and using a transform with MD5, the authentication will intermittently fail and HP-UX IPSec will drop the packet and report an error.

If you are currently using HP-UX IPSec with any of the following transforms, you must simultaneously upgrade all your systems to HP-UX IPSec version A.01.04 or higher.

AH-MD5 transforms

ESP transforms that are authenticated using MD5:

    ESP-DES-HMAC-MD5
    ESP-3DES-HMAC-MD5
    ESP-AES128-HMAC-MD5

Nested AH and ESP transforms that use MD5

If MD5 authentication fails between HP-UX IPSec version A.01.04 or higher and an earlier version of HP-UX IPSec, you will see entries similar to the following in the HP-UX IPSec log file:

    Msg: 31 From: SECPOLICYD Lvl: ALERT Date: Friday Oct 19 16:12:30 2001
    Event: Integrity Check Value failure - SPI: 1C97D8 IP addr: 15.13.136.52:15.1
    3.136.171 proto: 51.

To view an HP-UX IPSec log file, use the command

    ipsec_report -audit audit_file_name [-file output_file_name]

By default, HP-UX IPSec log files are located in the /var/adm/ipsec directory. The log file name format is auditdate_information.log.
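When several peers are being upgraded, it helps to see which address pairs are producing these alerts. The following is an added example, not part of the HP manual: a POSIX shell function that counts Integrity Check Value failures per address pair in ipsec_report text output. It assumes that each entry starts with "Msg:", that a long Event line can be wrapped mid-token as in the sample above, and that ipsec_report writes to standard output when -file is omitted; the function names and all sample entries after the first are constructed.

```shell
#!/bin/sh
# Added example, not from the HP manual. Counts "Integrity Check Value
# failure" entries per address pair in ipsec_report text output.
# Assumptions: each entry starts with "Msg:", and a long Event line can be
# hard-wrapped mid-token as in the printed sample, so continuation lines
# are joined without inserting a space.

icv_failures() {
    awk '
    function emit(   n, i, f, peers, proto, name) {
        if (rec ~ /Integrity Check Value failure/) {
            peers = proto = "?"
            n = split(rec, f, " ")
            for (i = 1; i < n; i++) {
                if (f[i] == "addr:")  peers = f[i + 1]
                if (f[i] == "proto:") { proto = f[i + 1]; sub(/\.$/, "", proto) }
            }
            # IP protocol 51 is AH, 50 is ESP
            name = (proto == "51") ? "AH" : ((proto == "50") ? "ESP" : "proto=" proto)
            count[peers " " name]++
        }
        rec = ""
    }
    /^[ \t]*$/      { next }                    # skip blank lines
    /^[ \t]*Msg:/   { emit(); next }            # new entry closes the previous one
    /^[ \t]*Event:/ { rec = $0; next }
    rec != ""       { sub(/^[ \t]+/, ""); rec = rec $0 }   # wrapped continuation
    END { emit(); for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample: the first entry is the one printed in the manual, the
# rest are made up for the demonstration (192.0.2.0/24 is a documentation range).
sample_log() {
    cat <<'EOF'
Msg: 31 From: SECPOLICYD Lvl: ALERT Date: Friday Oct 19 16:12:30 2001
Event: Integrity Check Value failure - SPI: 1C97D8 IP addr: 15.13.136.52:15.1
3.136.171 proto: 51.
Msg: 32 From: SECPOLICYD Lvl: ALERT Date: Friday Oct 19 16:12:41 2001
Event: Integrity Check Value failure - SPI: 1C97D8 IP addr: 15.13.136.52:15.13.136.171 proto: 51.
Msg: 33 From: SECPOLICYD Lvl: ALERT Date: Friday Oct 19 16:13:02 2001
Event: constructed unrelated entry
Msg: 34 From: SECPOLICYD Lvl: ALERT Date: Friday Oct 19 16:14:10 2001
Event: Integrity Check Value failure - SPI: 2A00F1 IP addr: 192.0.2.10:192.0.2.20 proto: 50.
EOF
}

sample_log | icv_failures
# Real use (audit file name is a placeholder):
#   ipsec_report -audit /var/adm/ipsec/<audit_file_name> | icv_failures
```

An address pair that keeps appearing with AH or ESP failures after a partial upgrade is a candidate for a peer still running A.01.03 or earlier with an MD5 transform.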

Migrating from Versions Prior to A.01.03

If you are updating to HP-UX IPSec version A.02.00 from a version released prior to A.01.03 (such as version A.01.01 or A.01.02) and want to re-use your configuration files, you must use the following procedure to first update to HP-UX IPSec version A.01.05, then update to version A.02.00:

Appendix B

289


HP-UX IPSec Software specifications

HP-UX IPSec Software is an integral component of the HP-UX operating system, providing robust and secure communication capabilities for enterprise environments. As organizations increasingly rely on secure networking solutions, HP-UX IPSec stands out with its comprehensive set of features and technologies designed to safeguard sensitive data.

One of the core characteristics of HP-UX IPSec Software is its implementation of the Internet Protocol Security (IPSec) framework. This technology secures Internet Protocol (IP) communications through authentication and encryption, ensuring the integrity and confidentiality of data transmissions. By leveraging IPSec, HP-UX provides a secure method for connecting remote users and secure sites over untrusted networks, such as the internet.

A notable feature of the HP-UX IPSec Software is its support for both transport and tunnel modes. The transport mode encrypts only the payload of the IP packet, whereas the tunnel mode encapsulates the entire IP packet within a new packet, allowing for secure communications between entire networks. This flexibility enables organizations to tailor their security strategies based on specific use cases and requirements.

HP-UX IPSec also emphasizes interoperability and compliance with industry standards. The software supports various encryption algorithms and authentication methods, including those defined by the Internet Engineering Task Force (IETF). This commitment to open standards ensures that HP-UX can seamlessly integrate with a diverse range of networking infrastructures and security solutions.

In addition to its security features, HP-UX IPSec Software offers administration tools that simplify the configuration and management of IPSec policies. The software includes a user-friendly command-line interface, allowing system administrators to specify security associations and policies efficiently. Moreover, comprehensive logging and monitoring capabilities help organizations keep track of their security posture and detect potential vulnerabilities.

Another essential characteristic of HP-UX IPSec Software is its scalability. Designed to accommodate the needs of both small and large enterprises, it can handle increased loads and adapt to changing security demands without compromising performance.

In conclusion, HP-UX IPSec Software stands as a vital solution for organizations seeking to protect their data transmissions over IP networks. With its core technologies, such as transport and tunnel modes, adherence to industry standards, user-friendly administration tools, and scalability, it provides a formidable layer of security in an increasingly interconnected world. This makes it a preferred choice for enterprises aiming to enhance their network security frameworks.